Enforce token auth for odic config PUT call

Samuel Oechsler
2024-10-30 20:35:01 +01:00
parent 7ef52d8ed4
commit 1a030a6ddd
4 changed files with 21 additions and 12 deletions


@ -4,9 +4,14 @@ module.exports = () => {
return function (req, res, next) {
res.locals.access = null;
let access = new Access(res.locals.token || null);
// allow unauthenticated access to OIDC configuration
let anon_access = req.url === '/oidc-config' && !access.token.getUserId();
access.load(anon_access)
// Allow unauthenticated access to get the oidc configuration
let oidc_access =
req.url === '/oidc-config' &&
req.method === 'GET' &&
!access.token.getUserId();
access.load(oidc_access)
.then(() => {
res.locals.access = access;
next();
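Review bot: The anonymous exemption in `oidc_access` compares against `req.url`, which (assuming this is Express middleware) includes the query string and is relative to the mount point, so a request such as `GET /oidc-config?x=1` falls through to the authenticated load. That fails closed, but it is worth either matching on `req.path === '/oidc-config'` or saying in the comment that only the exact URL is exempt. The comment should also record why the method check exists, for example `// Only GET is exempt; PUT and every other method on /oidc-config must present a valid token`. What `access.load(true)` actually grants is not visible in this hunk, so a regression test asserting that an unauthenticated PUT to this path is rejected would pin the behaviour the commit title promises. The middleware's `.then()` chain continues past the end of the hunk.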